BackBox.org News
  • BackBox.org
  • Linux
  • Community
  • News
  • Services
  • Sitemap
  • Contact
  • Click to open the search input field Click to open the search input field Search
  • Menu Menu
TrapDoor Supply Chain Attack Spreads Credential-Stealing Malware via npm, PyPI, and CratesIO

TrapDoor Supply Chain Attack Spreads Credential-Stealing Malware via npm, PyPI, and CratesIO

May 25, 2026/in General News

A new coordinated cross-ecosystem software supply chain attack campaign has targeted npm, PyPI, and Crates.io to distribute credential-stealing malware.

The campaign, codenamed TrapDoor, spans more than 34 malicious packages across over 384 versions. The earliest activity was recorded on May 22, 2026, at 8:20 p.m. UTC, with new packages published to the ecosystems in waves from a cluster of

The Hacker News – ​Read More

Share this entry
  • Share on Facebook
  • Share on X
  • Share on WhatsApp
  • Share on LinkedIn
  • Share on Vk
  • Share on Reddit
  • Share by Mail
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png 0 0 admin https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png admin2026-05-25 08:06:392026-05-25 08:06:39TrapDoor Supply Chain Attack Spreads Credential-Stealing Malware via npm, PyPI, and CratesIO
Search Search
Copyright © BackBox.org
  • Link to X
  • Link to Facebook
  • Link to LinkedIn
  • Link to Youtube
  • Link to Telegram
Link to: Over 5,500 GitHub Repositories Infected in ‘Megalodon’ Supply Chain Attack Link to: Over 5,500 GitHub Repositories Infected in ‘Megalodon’ Supply Chain Attack Over 5,500 GitHub Repositories Infected in ‘Megalodon’ Supply Chain Att... Link to: DocketWise Data Breach Impacts 143,000 Link to: DocketWise Data Breach Impacts 143,000 DocketWise Data Breach Impacts 143,000
Scroll to top Scroll to top Scroll to top